US6996830B1 - System determining whether to activate public and private components operating within multiple applications of a component-based computing system - Google Patents

System determining whether to activate public and private components operating within multiple applications of a component-based computing system Download PDF

Info

Publication number
US6996830B1
US6996830B1 US09/850,318 US85031801A US6996830B1 US 6996830 B1 US6996830 B1 US 6996830B1 US 85031801 A US85031801 A US 85031801A US 6996830 B1 US6996830 B1 US 6996830B1
Authority
US
United States
Prior art keywords
component
requested
calling
identity
computing system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime, expires
Application number
US09/850,318
Inventor
Keith S. Hamilton
Steve Jamieson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp filed Critical Microsoft Corp
Priority to US09/850,318 priority Critical patent/US6996830B1/en
Assigned to MICROSOFT CORPORATION reassignment MICROSOFT CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HAMILTON, KEITH, JAMIESON, STEVE
Application granted granted Critical
Publication of US6996830B1 publication Critical patent/US6996830B1/en
Assigned to MICROSOFT TECHNOLOGY LICENSING, LLC reassignment MICROSOFT TECHNOLOGY LICENSING, LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MICROSOFT CORPORATION
Adjusted expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/468Specific access rights for resources, e.g. using capability register
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/547Remote procedure calls [RPC]; Web services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network

Definitions

  • the invention relates generally to a component-based computing system and more particularly to component-based computing system having both publicly accessible and privately-only accessible computing components within multiple applications within the computing system.
  • Object-oriented programming systems utilize collections of computer programming components executing within a system to form applications that provide a desired set of functionality.
  • Components that possess authority to gain access to components present on a given system typically can identity and activate all other components that are presented on this system. This fact may allow processing systems to behave in manners that are different that initially intended as components attempt to access components that were not intended to be activated by a particular component.
  • component-based systems typically arises when a component in one collection of components that is viewed to be a single application attempts to access components resident within a second application resident on the same computing system. No mechanism exists in current component based systems to confine activation calls for components between these applications to a small, well-defined set of access points. As such, component based systems may be vulnerable to several different types of inappropriate and unauthorized behavior by applications.
  • This situation is different in component based computing systems in which one component may call a second component which in turn may call a third component.
  • This sequence of calls may extend to any number of levels.
  • the various components may be developed by different individuals for completely different purposes. The net result of these combinations of component calls may not be well understood or easily traceable until inappropriate behavior has occurred.
  • the present invention relates to a method, apparatus, and article of manufacture for providing a component-based computing system having both publicly accessible and privately-only accessible computing components within multiple applications for providing component addressing/identification and naming spaces.
  • a system in accordance with the principles of the present invention includes a computing system for activating a requested processing component initiated by a calling component within a local computing system.
  • the computing system has an application activation control module for receiving a request to activate a component initiated by a calling component and activating an instance of the requested component, and an application identity module for determining the identity of one or more applications used to identify the requested processing component, a permit object activation module for determining whether an instance of the requested component may be activated.
  • One such aspect of the present invention is a method and computer data product encoding instructions for activating a requested processing component initiated by a calling component within a local computing system having two or more applications.
  • the method determines the identity of the requested processing component, including an identity of a class ID and an identity of an application from a request to activate a component initiated by a calling component and obtains configuration data for the requested component, the configuration data comprises an indication of public-private status for the requested component. If the configuration data indicates that the requested component is a public component, an instance of the requested component is activated.
  • the method determines if the requested component is a member of an application that also includes the calling component as a member. If the requested component and the calling component are members of the same application, an instance of the requested component is activated.
  • FIG. 1 illustrates a distributed computing environment for using public and private components within multiple applications located on a remote server according to an example embodiment of the present invention.
  • FIG. 2 illustrates an exemplary computing system useful for implementing an embodiment of the present invention.
  • FIG. 3 illustrates multiple applications containing programmable components within a remote server in an embodiment of the present invention.
  • FIG. 4 illustrates a computing system for processing component activation using public and private components within multiple applications according to yet another example embodiment of the present invention.
  • FIG. 5 illustrates a process flow diagram representing the processing performed as part of component activation using public and private components within multiple applications according to yet another example embodiment of the present invention.
  • the present invention relates to a code generation method, apparatus, and article of manufacture for providing a component-based computing system having both publicly accessible and privately-only accessible computing components within multiple applications within a component based computer system.
  • FIG. 1 illustrates a distributed computing environment for using public and private components within multiple applications located on a remote server according to an example embodiment of the present invention.
  • remotely located client computing systems 101 – 103 access programmable computing processing components on a remote server 110 across a communications network 120 .
  • programmable computing processing components on a remote server 110 across a communications network 120 .
  • at least two programming applications are included within the server 110 .
  • the component selected for activation using the ID of the original calling client to determine where to find the component to be selected. While this example embodiment operates within a client-server environment, one skilled in the art will recognize that the use of multiple applications within component-based computing systems as disclosed herein is not limited to such a programming environment as the client processes that cause components to be activated according to the present invention as recited within the attached claims may also be located within the server as well as being located within remote client computing systems 101 – 103 .
  • the processing performed pursuant to the present invention corresponds to the process followed when a component is activated.
  • These components are typically individual object-oriented programming modules and the process of activating a component corresponds to the process of creating an instance of the component that is to be used to provide a function or operation to be performed for a given client 101 – 103 .
  • the instance of the component may be called one or more times to perform a desired operation.
  • the processing associated with the present invention typically concerns the processing performed to identify the component when it is being activated and instantiated, rather than when the already active instance of the component is called a second time.
  • the activated component c 1 113 may itself make an activation call 122 to a component c 2 114 that is part of the same application 112 or may make an activation call 123 to component c 6 115 that is part of a second application 111 .
  • an exemplary system for implementing the invention includes a general-purpose computing device in the form of a conventional personal computer 200 , including a processor unit 202 , a system memory 204 , and a system bus 206 that couples various system components including the system memory 204 to the processor unit 200 .
  • the system bus 206 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus and a local bus using any of a variety of bus architectures.
  • the system memory includes read only memory (ROM) 208 and random access memory (RAM) 210 .
  • a basic input/output system 212 (BIOS) which contains basic routines that help transfer information between elements within the personal computer 200 , is stored in ROM 208 .
  • the personal computer 200 further includes a hard disk drive 212 for reading from and writing to a hard disk, a magnetic disk drive 214 for reading from or writing to a removable magnetic disk 216 , and an optical disk drive 218 for reading from or writing to a removable optical disk 219 such as a CD ROM, DVD, or other optical media.
  • the hard disk drive 212 , magnetic disk drive 214 , and optical disk drive 218 are connected to the system bus 206 by a hard disk drive interface 220 , a magnetic disk drive interface 222 , and an optical drive interface 224 , respectively.
  • the drives and their associated computer-readable media provide nonvolatile storage of computer readable instructions, data structures, programs, and other data for the personal computer 200 .
  • exemplary environment described herein employs a hard disk, a removable magnetic disk 216 , and a removable optical disk 219
  • other types of computer-readable media capable of storing data can be used in the exemplary system.
  • Examples of these other types of computer-readable mediums that can be used in the exemplary operating environment include magnetic cassettes, flash memory cards, digital video disks, Bernoulli cartridges, random access memories (RAMs), and read only memories (ROMs).
  • a number of program modules may be stored on the hard disk, magnetic disk 216 , optical disk 219 , ROM 208 or RAM 210 , including an operating system 226 , one or more application programs 228 , other program modules 230 , and program data 232 .
  • a user may enter commands and information into the personal computer 200 through input devices such as a keyboard 234 and mouse 236 or other pointing device. Examples of other input devices may include a microphone, joystick, game pad, satellite dish, and scanner. These and other input devices are often connected to the processing unit 202 through a serial port interface 240 that is coupled to the system bus 206 . Nevertheless, these input devices also may be connected by other interfaces, such as a parallel port, game port, or a universal serial bus (USB).
  • a monitor 242 or other type of display device is also connected to the system bus 206 via an interface, such as a video adapter 244 . In addition to the monitor 242 , personal computers typically include other peripheral output devices (not shown), such as speakers and printers
  • the personal computer 200 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 246 .
  • the remote computer 246 may be another personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the personal computer 200 .
  • the network connections include a local area network (LAN) 248 and a wide area network (WAN) 250 .
  • LAN local area network
  • WAN wide area network
  • the personal computer 200 When used in a LAN networking environment, the personal computer 200 is connected to the local network 248 through a network interface or adapter 252 . When used in a WAN networking environment, the personal computer 200 typically includes a modem 254 or other means for establishing communications over the wide area network 250 , such as the Internet.
  • the modem 254 which may be internal or external, is connected to the system bus 206 via the serial port interface 240 .
  • program modules depicted relative to the personal computer 200 may be stored in the remote memory storage device. It will be appreciated that the network connections shown are exemplary, and other means of establishing a communications link between the computers may be used.
  • the embodiments described herein are implemented as logical operations performed by a computer.
  • the logical operations of these various embodiments of the present invention are implemented (1) as a sequence of computer implemented steps or program modules running on a computing system and/or (2) as interconnected machine modules or hardware logic within the computing system.
  • the implementation is a matter of choice dependent on the performance requirements of the computing system implementing the invention. Accordingly, the logical operations making up the embodiments of the invention described herein can be variously referred to as operations, steps, or modules.
  • FIG. 3 illustrates multiple applications containing programmable components within a remote server in an embodiment of the present invention.
  • Computing system 310 may contain one or more applications, 301 – 306 .
  • Each application 301 – 306 is a collection of object oriented components 311 – 313 that operate together to perform a processing function or task.
  • object oriented components 311 – 313 that operate together to perform a processing function or task.
  • systems allow any programming object who may access a component within a computer system to identify and activate any component within the system regardless of whether the component to be activated is located within a given application or not.
  • component c 3 ′ 311 is configured to be a public component. This property of the components is specified using configuration data accessed when the component is activated and is used by the server 310 to determine if a component may be activated.
  • Component c 3 ′ 311 may be activated by a call 320 initiated by any remote component.
  • the component may be activated by a component located within any other application whether the application is located on server 110 or any other remote computing system.
  • the component may, if desired, impose other security checks to determine whether the component may be activated. These additional security checks may be based upon ownership of the component, membership within an authorized group or user ID, or similar security protocols typically used to grant and deny access to a computer resource.
  • a private component such as c 2 314
  • a private component may only be activated by a call 324 initiated by a component within the same application 302 .
  • An external call 331 attempting to activate component c 2 314 will fail.
  • Component c 2 314 may only be activated by a call 324 initiated within its application 302 .
  • an activation call 322 initiating activation of component c 6 313 is successful if component c 6 313 is a public component.
  • Component c 3 ′ 311 may also initiate a call 321 to activate component c 5 regardless of the public/private property of component c 5 312 since both of these components are within the same application 303 .
  • component c 3 ′ 311 may not activate component c 2 314 with an activation call 324 because component c 2 314 and component c 3 ′ 311 are not located within the same application.
  • FIG. 4 illustrates a computing system for processing component activation using public and private components within multiple applications according to yet another example embodiment of the present invention.
  • Processing calls that require the activation of a component are received by a component activation control module 401 .
  • the control module 401 first determines the application of the component to be called, determines if the component may be activated, and, if appropriate, activates the appropriate component.
  • the control module 401 obtains the ID of the application containing the component and any corresponding activation authorization before proceeding from a component authorization module 411 .
  • This component activation module 411 contains a user ID search module 412 and a user ID-component activation authorization database 413 to determine the needed information.
  • the user ID search module 412 receives a request from the control module 401 and looks up the ID of the user making the request to activate a component in the database 413 . If a match is found, the corresponding default application ID is retrieved and returned to the control module 401 for further processing. If no match is found, either an error or a default value is returned.
  • the application identity module 411 corresponds to a directory service typically found on networks for providing user ID based configuration and security data.
  • the component authorization module 411 is typically a centrally located data store that provides the requested information upon request.
  • this database may be located anywhere in the computing system so long as it provides the information needed by the present invention as recited within the attached claims.
  • the control module 401 uses the returned information to cause a permit object activation module 421 to activate an instance of the requested component.
  • the activation module 421 retrieves a configuration data record 424 from an Object Activation Configuration database 422 to determine if the activation of the object requires the use of one or more activators 431 – 433 to activate an instance of a component using a process such as component aliases, public/private components, and any other type of component activation processing desired.
  • the decision to successfully activate a public and private component as discussed above is performed by a public/private activation module 431 .
  • Other activation modules 432 – 433 perform any required processing to implement their respective functions.
  • the activation of components may use one or more of these activation modules 431 – 433 . Which of these modules 431 – 433 , and the order in which any of these modules 431 – 433 , are used when a component is activated in response to a given request is specified within the configuration data record 424 .
  • FIG. 5 illustrates a process flow diagram representing the processing performed as part of component activation using public and private components within multiple applications according to yet another example embodiment of the present invention.
  • the process flow begins 501 as the process proceeds to a receive activation request module 511 .
  • the receive module 511 receives an activation request from a calling component that seeks to activate a non-active component within the server 110 .
  • the process determines the identity of the component to be activated from the identity of the requested class ID.
  • Test module 513 determines if the corresponding component exists. If the requested component does not exist, the processing proceeds to an error module 514 to generate and return a no such object class error message to the calling component before the process ends 502 .
  • test module 513 determines that the requested component exists, the processing obtains the public/private indication data for the requested component in module 515 .
  • Test module 516 uses the data obtained in module 515 to determine if the requested component is a public component. If test module 516 determines that the requested component is a public component, an instance of the component is activated by module 517 and the process ends 502 .
  • test module 518 determines if the calling component is within the same application as the requested component. If test module 518 determines that the requested component is within the same application, an instance of the component is activated by module 517 and the process ends 502 . If test module 518 determines that the requested component is not within the same application, an error message is generated by error module 514 before the process ends 502 .
  • FIG. 2 illustrates an example of a suitable operating environment 110 in which the invention may be implemented.
  • the operating environment is only one example of a suitable operating environment 110 and is not intended to suggest any limitation as to the scope of use or functionality of the invention.
  • Other well known computing systems, environments, and/or configurations that may be suitable for use with the invention include, but are not limited to, personal computers, server computers, held-held or laptop devices, multiprocessor systems, microprocessor-based systems, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
  • program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types.
  • functionality of the program modules may be combined or distributed in desired in various embodiments.
  • a network server 110 typically includes at least some form of computer readable media.
  • Computer readable media can be any available media that can be accessed by the network server 110 .
  • Computer readable media may comprise computer storage media and communication media.
  • Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data.
  • Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, BC-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by the network server 110 .
  • Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media.
  • modulated data signal means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal.
  • communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of any of the above should also be included within the scope of computer readable media.

Abstract

A method, apparatus, and article of manufacture provide a component-based computing system having both publicly accessible and privately-only accessible computing components within multiple applications for providing component addressing/identification and naming spaces. A requested processing component is initiated by a calling component within a local computing system having one or more applications. The identity of the requested processing component, including an identity of a class ID and an identity of a partition from a request to activate a component initiated by a calling component, is obtained using configuration data for the requested component. The configuration data provides an indication of public-private status for the requested component. An instance of the requested component can be activated based on the public-private status.

Description

TECHNICAL FIELD
The invention relates generally to a component-based computing system and more particularly to component-based computing system having both publicly accessible and privately-only accessible computing components within multiple applications within the computing system.
BACKGROUND
Object-oriented programming systems utilize collections of computer programming components executing within a system to form applications that provide a desired set of functionality. Components that possess authority to gain access to components present on a given system typically can identity and activate all other components that are presented on this system. This fact may allow processing systems to behave in manners that are different that initially intended as components attempt to access components that were not intended to be activated by a particular component.
This potential deficiency in component-based systems typically arises when a component in one collection of components that is viewed to be a single application attempts to access components resident within a second application resident on the same computing system. No mechanism exists in current component based systems to confine activation calls for components between these applications to a small, well-defined set of access points. As such, component based systems may be vulnerable to several different types of inappropriate and unauthorized behavior by applications.
Computing systems developed prior to the creation of component-based systems did not necessarily suffer this system deficiency as executable sets of processing modules were linked together into a single executable module that accessed processing resources through the use of system calls to an operating system. As such, the entry points to executable modules was both well defined and under the control of a system administrator. Access to these system calls could be monitored and limited if appropriate.
This situation is different in component based computing systems in which one component may call a second component which in turn may call a third component. This sequence of calls may extend to any number of levels. The various components may be developed by different individuals for completely different purposes. The net result of these combinations of component calls may not be well understood or easily traceable until inappropriate behavior has occurred.
SUMMARY
The present invention relates to a method, apparatus, and article of manufacture for providing a component-based computing system having both publicly accessible and privately-only accessible computing components within multiple applications for providing component addressing/identification and naming spaces.
A system in accordance with the principles of the present invention includes a computing system for activating a requested processing component initiated by a calling component within a local computing system. The computing system has an application activation control module for receiving a request to activate a component initiated by a calling component and activating an instance of the requested component, and an application identity module for determining the identity of one or more applications used to identify the requested processing component, a permit object activation module for determining whether an instance of the requested component may be activated.
Other embodiments of a system in accordance with the principles of the invention may include alternative or optional additional aspects. One such aspect of the present invention is a method and computer data product encoding instructions for activating a requested processing component initiated by a calling component within a local computing system having two or more applications. The method determines the identity of the requested processing component, including an identity of a class ID and an identity of an application from a request to activate a component initiated by a calling component and obtains configuration data for the requested component, the configuration data comprises an indication of public-private status for the requested component. If the configuration data indicates that the requested component is a public component, an instance of the requested component is activated. If the configuration data indicates that the requested component is a private component, the method determines if the requested component is a member of an application that also includes the calling component as a member. If the requested component and the calling component are members of the same application, an instance of the requested component is activated.
These and various other advantages and features of novelty which characterize the invention are pointed out with particularity in the claims annexed hereto and form a part hereof. However, for a better understanding of the invention, its advantages, and the objects obtained by its use, reference should be made to the drawings which form a further part hereof, and to accompanying descriptive matter, in which there are illustrated and described specific examples of an apparatus in accordance with the invention.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 illustrates a distributed computing environment for using public and private components within multiple applications located on a remote server according to an example embodiment of the present invention.
FIG. 2 illustrates an exemplary computing system useful for implementing an embodiment of the present invention.
FIG. 3 illustrates multiple applications containing programmable components within a remote server in an embodiment of the present invention.
FIG. 4 illustrates a computing system for processing component activation using public and private components within multiple applications according to yet another example embodiment of the present invention.
FIG. 5 illustrates a process flow diagram representing the processing performed as part of component activation using public and private components within multiple applications according to yet another example embodiment of the present invention.
DETAILED DESCRIPTION
The present invention relates to a code generation method, apparatus, and article of manufacture for providing a component-based computing system having both publicly accessible and privately-only accessible computing components within multiple applications within a component based computer system.
FIG. 1 illustrates a distributed computing environment for using public and private components within multiple applications located on a remote server according to an example embodiment of the present invention. In an exemplary embodiment, remotely located client computing systems 101103 access programmable computing processing components on a remote server 110 across a communications network 120. Within the server 110, at least two programming applications are included.
When an active component on the server 110 needs to activate additional components to complete one or more processing tasks, the component selected for activation using the ID of the original calling client to determine where to find the component to be selected. While this example embodiment operates within a client-server environment, one skilled in the art will recognize that the use of multiple applications within component-based computing systems as disclosed herein is not limited to such a programming environment as the client processes that cause components to be activated according to the present invention as recited within the attached claims may also be located within the server as well as being located within remote client computing systems 101103.
The processing performed pursuant to the present invention corresponds to the process followed when a component is activated. These components are typically individual object-oriented programming modules and the process of activating a component corresponds to the process of creating an instance of the component that is to be used to provide a function or operation to be performed for a given client 101103. Once a component has been instantiated and is active in response to a component activation call 121, the instance of the component may be called one or more times to perform a desired operation. However, the processing associated with the present invention typically concerns the processing performed to identify the component when it is being activated and instantiated, rather than when the already active instance of the component is called a second time. The activated component c1 113 may itself make an activation call 122 to a component c2 114 that is part of the same application 112 or may make an activation call 123 to component c6 115 that is part of a second application 111.
With reference to FIG. 2, an exemplary system for implementing the invention includes a general-purpose computing device in the form of a conventional personal computer 200, including a processor unit 202, a system memory 204, and a system bus 206 that couples various system components including the system memory 204 to the processor unit 200. The system bus 206 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus and a local bus using any of a variety of bus architectures. The system memory includes read only memory (ROM) 208 and random access memory (RAM) 210. A basic input/output system 212 (BIOS), which contains basic routines that help transfer information between elements within the personal computer 200, is stored in ROM 208.
The personal computer 200 further includes a hard disk drive 212 for reading from and writing to a hard disk, a magnetic disk drive 214 for reading from or writing to a removable magnetic disk 216, and an optical disk drive 218 for reading from or writing to a removable optical disk 219 such as a CD ROM, DVD, or other optical media. The hard disk drive 212, magnetic disk drive 214, and optical disk drive 218 are connected to the system bus 206 by a hard disk drive interface 220, a magnetic disk drive interface 222, and an optical drive interface 224, respectively. The drives and their associated computer-readable media provide nonvolatile storage of computer readable instructions, data structures, programs, and other data for the personal computer 200.
Although the exemplary environment described herein employs a hard disk, a removable magnetic disk 216, and a removable optical disk 219, other types of computer-readable media capable of storing data can be used in the exemplary system. Examples of these other types of computer-readable mediums that can be used in the exemplary operating environment include magnetic cassettes, flash memory cards, digital video disks, Bernoulli cartridges, random access memories (RAMs), and read only memories (ROMs).
A number of program modules may be stored on the hard disk, magnetic disk 216, optical disk 219, ROM 208 or RAM 210, including an operating system 226, one or more application programs 228, other program modules 230, and program data 232. A user may enter commands and information into the personal computer 200 through input devices such as a keyboard 234 and mouse 236 or other pointing device. Examples of other input devices may include a microphone, joystick, game pad, satellite dish, and scanner. These and other input devices are often connected to the processing unit 202 through a serial port interface 240 that is coupled to the system bus 206. Nevertheless, these input devices also may be connected by other interfaces, such as a parallel port, game port, or a universal serial bus (USB). A monitor 242 or other type of display device is also connected to the system bus 206 via an interface, such as a video adapter 244. In addition to the monitor 242, personal computers typically include other peripheral output devices (not shown), such as speakers and printers.
The personal computer 200 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 246. The remote computer 246 may be another personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the personal computer 200. The network connections include a local area network (LAN) 248 and a wide area network (WAN) 250. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets, and the Internet.
When used in a LAN networking environment, the personal computer 200 is connected to the local network 248 through a network interface or adapter 252. When used in a WAN networking environment, the personal computer 200 typically includes a modem 254 or other means for establishing communications over the wide area network 250, such as the Internet. The modem 254, which may be internal or external, is connected to the system bus 206 via the serial port interface 240. In a networked environment, program modules depicted relative to the personal computer 200, or portions thereof, may be stored in the remote memory storage device. It will be appreciated that the network connections shown are exemplary, and other means of establishing a communications link between the computers may be used.
Additionally, the embodiments described herein are implemented as logical operations performed by a computer. The logical operations of these various embodiments of the present invention are implemented (1) as a sequence of computer implemented steps or program modules running on a computing system and/or (2) as interconnected machine modules or hardware logic within the computing system. The implementation is a matter of choice dependent on the performance requirements of the computing system implementing the invention. Accordingly, the logical operations making up the embodiments of the invention described herein can be variously referred to as operations, steps, or modules.
FIG. 3 illustrates multiple applications containing programmable components within a remote server in an embodiment of the present invention. Computing system 310 may contain one or more applications, 301306. Each application 301306 is a collection of object oriented components 311313 that operate together to perform a processing function or task. Currently, systems allow any programming object who may access a component within a computer system to identify and activate any component within the system regardless of whether the component to be activated is located within a given application or not.
First consider an activation call 320 made from outside server 310 to components c3311 within application 303. In this example, component c3311 is configured to be a public component. This property of the components is specified using configuration data accessed when the component is activated and is used by the server 310 to determine if a component may be activated.
Component c3311, being a public component, may be activated by a call 320 initiated by any remote component. When a component is designated as a public component, the component may be activated by a component located within any other application whether the application is located on server 110 or any other remote computing system. The component may, if desired, impose other security checks to determine whether the component may be activated. These additional security checks may be based upon ownership of the component, membership within an authorized group or user ID, or similar security protocols typically used to grant and deny access to a computer resource.
In contrast, a private component, such as c2 314, may only be activated by a call 324 initiated by a component within the same application 302. An external call 331 attempting to activate component c2 314 will fail. Component c2 314 may only be activated by a call 324 initiated within its application 302.
Similarly, an activation call 322 initiating activation of component c6 313 is successful if component c6 313 is a public component. Component c3311 may also initiate a call 321 to activate component c5 regardless of the public/private property of component c5 312 since both of these components are within the same application 303. For the same reasoning discussed above, component c3311 may not activate component c2 314 with an activation call 324 because component c2 314 and component c3311 are not located within the same application.
FIG. 4 illustrates a computing system for processing component activation using public and private components within multiple applications according to yet another example embodiment of the present invention. Processing calls that require the activation of a component are received by a component activation control module 401. The control module 401 first determines the application of the component to be called, determines if the component may be activated, and, if appropriate, activates the appropriate component.
The control module 401 obtains the ID of the application containing the component and any corresponding activation authorization before proceeding from a component authorization module 411. This component activation module 411 contains a user ID search module 412 and a user ID-component activation authorization database 413 to determine the needed information. The user ID search module 412 receives a request from the control module 401 and looks up the ID of the user making the request to activate a component in the database 413. If a match is found, the corresponding default application ID is retrieved and returned to the control module 401 for further processing. If no match is found, either an error or a default value is returned.
In the above embodiment, the application identity module 411 corresponds to a directory service typically found on networks for providing user ID based configuration and security data. The component authorization module 411 is typically a centrally located data store that provides the requested information upon request. One skilled in the art will recognize that this database may be located anywhere in the computing system so long as it provides the information needed by the present invention as recited within the attached claims.
The control module 401 uses the returned information to cause a permit object activation module 421 to activate an instance of the requested component. Finally, the activation module 421 retrieves a configuration data record 424 from an Object Activation Configuration database 422 to determine if the activation of the object requires the use of one or more activators 431433 to activate an instance of a component using a process such as component aliases, public/private components, and any other type of component activation processing desired. The decision to successfully activate a public and private component as discussed above is performed by a public/private activation module 431. Other activation modules 432433 perform any required processing to implement their respective functions. The activation of components may use one or more of these activation modules 431433. Which of these modules 431433, and the order in which any of these modules 431433, are used when a component is activated in response to a given request is specified within the configuration data record 424.
FIG. 5 illustrates a process flow diagram representing the processing performed as part of component activation using public and private components within multiple applications according to yet another example embodiment of the present invention. The process flow begins 501 as the process proceeds to a receive activation request module 511. The receive module 511 receives an activation request from a calling component that seeks to activate a non-active component within the server 110.
Once the request is received, the process, in module 512, determines the identity of the component to be activated from the identity of the requested class ID. Test module 513 determines if the corresponding component exists. If the requested component does not exist, the processing proceeds to an error module 514 to generate and return a no such object class error message to the calling component before the process ends 502.
If test module 513 determines that the requested component exists, the processing obtains the public/private indication data for the requested component in module 515. Test module 516 uses the data obtained in module 515 to determine if the requested component is a public component. If test module 516 determines that the requested component is a public component, an instance of the component is activated by module 517 and the process ends 502.
If test module 516 determines that the requested component is a private component, test module 518 determines if the calling component is within the same application as the requested component. If test module 518 determines that the requested component is within the same application, an instance of the component is activated by module 517 and the process ends 502. If test module 518 determines that the requested component is not within the same application, an error message is generated by error module 514 before the process ends 502.
FIG. 2 illustrates an example of a suitable operating environment 110 in which the invention may be implemented. The operating environment is only one example of a suitable operating environment 110 and is not intended to suggest any limitation as to the scope of use or functionality of the invention. Other well known computing systems, environments, and/or configurations that may be suitable for use with the invention include, but are not limited to, personal computers, server computers, held-held or laptop devices, multiprocessor systems, microprocessor-based systems, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
The invention may also be described in the general context of computer-executable instructions, such as program modules, executed by one or more computers or other devices. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. Typically the functionality of the program modules may be combined or distributed in desired in various embodiments.
A network server 110 typically includes at least some form of computer readable media. Computer readable media can be any available media that can be accessed by the network server 110. By way of example, and not limitation, computer readable media may comprise computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, BC-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by the network server 110.
Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of any of the above should also be included within the scope of computer readable media.
While the above embodiments of the present invention describe a network based processing system providing processing services to remote clients, one skilled in the art will recognize that the various distributed computing architectures may be used to implement the present invention as recited within the attached claims. It is to be understood that other embodiments may be utilized and operational changes may be made without departing from the scope of the present invention.
The foregoing description of the exemplary embodiments of the invention has been presented for the purposes of illustration and description. They are not intended to be exhaustive or to limit the invention to the precise forms disclosed. Many modifications and variations are possible in light of the above teaching. It is intended that the scope of the invention be limited not with this detailed description, but rather by the claims appended hereto. Thus the present invention is presently embodied as a method, apparatus, computer storage medium or propagated signal containing a computer program for providing a method, apparatus, and article of manufacture for providing network based processing system providing processing services to remote clients.

Claims (17)

1. A computer implemented method of activating a requested processing component initiated by a calling component within a local computing system having one or more applications, the method comprising:
activating an instance of an application associated with one or more processing components;
receiving a request from a calling component to activate one of the processing components associated with the application;
determining an identity of the requested processing component, including an identity of a class ID from the request to activate the requested component initiated by the calling component;
obtaining configuration data for the requested component, the configuration data comprising an indication of public-private status for the requested component;
if the configuration data indicates that the requested component is a public component, activating an instance of the requested component;
if the configuration data indicates that the requested component is a private component, performing the following:
determining if the requested component is a member of the application that also includes the calling component as a member; and
if the requested component and the calling component are members of the same application, activating an instance of the requested component.
2. The method according to claim 1, wherein the identity of the calling component corresponds to an identity obtained from a central directory service.
3. The method according to claim 2, wherein the central directory service communicates with the local computer over a communications network.
4. The method according to claim 1, wherein the calling component is located on a remote computing system.
5. The method according to claim 4, wherein the calling component transmits the request to activate a component to the local computing system across a communications network.
6. The method according to claim 5, wherein the communications network is the Internet.
7. A computer implemented method of activating a requested processing component initiated by a calling component within a local computing system having one or more applications, the method comprising:
determining an identity of the requested processing component, including an identity of a class ID and an identity of an application from a request to activate a component initiated by a calling component;
activating an instance of an application associated with one or more processing components;
receiving a request from a calling component to activate one of the processing components associated with the application;
obtaining configuration data for the requested component, the configuration data comprising an indication of public-private status for the requested component;
if the configuration data indicates that the requested component is a public component, activating an instance of the requested component;
if the configuration data indicates that the requested component is a private component, performing the following:
determining if the requested component is a member of the application that also includes the calling component as a member; and
if the requested component and the calling component are members of the same application, activating an instance of the requested component;
wherein the identity of the calling component corresponds to an identity obtained from a central directory service; and
the calling component is located on a remote computing system that transmits the request to activate a component to the local computing system across a communications network.
8. A computer program data product containing computer readable medium encoding instructions for a method for activating a requested processing component initiated by a calling component within a local computing system having one or more applications, the method comprising:
activating an instance of an application associated with one or more processing components;
receiving a request from a calling component to activate one of the processing components associated with the application;
determining an identity of the requested processing component, including an identity of a class ID and an identity of a partition from the request to activate the requested component initiated by the calling component;
obtaining configuration data for the requested component, the configuration data comprising an indication of public-private status for the requested component;
if the configuration data indicates that the requested component is a public component, activating an instance of the requested component;
if the configuration data indicates that the requested component is a private component, performing the following:
determining if the requested component is a member of the application that also includes the calling component as a member; and
if the requested component and the calling component are members of the same application, activating an instance of the requested component.
9. The computer data product according to claim 8, wherein the identity of the calling component corresponds to an identity obtained from a central directory service.
10. The computer data product according to claim 9, wherein the central directory service communicates with the local computer over a communications network.
11. The computer data product according to claim 8, wherein the calling component is located on a remote computing system.
12. The computer data product according to claim 11, wherein the calling component transmits the request to activate a component to the local computing system across a communications network.
13. The computer data product according to claim 12, wherein the communications network is the Internet.
14. The computer data product according to claim 8, wherein the computer data product comprises a computer-readable medium having stored thereon a set of computer instructions.
15. The computer data product according to claim 8, wherein the computer data product comprises a computer data signal embodied in a carrier wave readable by a computing system and encoding a set of computer instructions.
16. A computing system for activating a requested processing component initiated by a calling component within a local computing system having one or more applications, the computing system comprising:
an activated application associated with one or more processing components;
an activation control module for receiving a request to activate one of the processing components associated with the application, the request being initiated by a calling component and activating an instance of the requested component;
an application identity module for determining an identity of one or more applications used to identify the requested processing component; and
a permit object activation module for determining whether an instance of the requested component can be activated, the permit object activation module using configuration data including a value of a public/private property to determine whether the request component can be activated, wherein the permit object activation module is programmed to:
if the configuration data indicates that the requested component is a public component, the permit object activation module allows activation of an instance of the requested component;
if the configuration data indicates that the requested component is a private component:
the permit object activation module determines if the requested component is a member of the application that also includes the calling component as a member; and
if the requested component and the calling component are members of the same application, the permit object activation module allows activation of an instance of the requested component.
17. The computing system according to claim 16, wherein the application identity module obtains the identity of the calling component from a central directory service.
US09/850,318 2001-05-07 2001-05-07 System determining whether to activate public and private components operating within multiple applications of a component-based computing system Expired - Lifetime US6996830B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US09/850,318 US6996830B1 (en) 2001-05-07 2001-05-07 System determining whether to activate public and private components operating within multiple applications of a component-based computing system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US09/850,318 US6996830B1 (en) 2001-05-07 2001-05-07 System determining whether to activate public and private components operating within multiple applications of a component-based computing system

Publications (1)

Publication Number Publication Date
US6996830B1 true US6996830B1 (en) 2006-02-07

Family

ID=35734394

Family Applications (1)

Application Number Title Priority Date Filing Date
US09/850,318 Expired - Lifetime US6996830B1 (en) 2001-05-07 2001-05-07 System determining whether to activate public and private components operating within multiple applications of a component-based computing system

Country Status (1)

Country Link
US (1) US6996830B1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030055965A1 (en) * 2001-09-20 2003-03-20 International Business Machines Corporation User-defined units of context in a distributed computer environment
US20090249249A1 (en) * 2008-03-26 2009-10-01 Microsoft Corporation User interface framework and techniques
US20140380318A1 (en) * 2013-06-24 2014-12-25 Microsoft Corporation Virtualized components in computing systems
CN112131263A (en) * 2020-09-14 2020-12-25 微医云(杭州)控股有限公司 Software package obtaining method, system, device, electronic equipment and storage medium

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5941943A (en) 1996-06-17 1999-08-24 International Business Machines Corporation Apparatus and a method for creating isolated sub-environments using host names and aliases
US5996013A (en) 1997-04-30 1999-11-30 International Business Machines Corporation Method and apparatus for resource allocation with guarantees
US6134603A (en) * 1998-03-20 2000-10-17 Sun Microsystems, Inc. Method and system for deterministic hashes to identify remote methods
US6151700A (en) * 1997-10-20 2000-11-21 International Business Machines Corporation Object oriented distributed programming system for computer controlled networks with selective capture of program property data identifying a particular program version
US6249836B1 (en) 1996-12-30 2001-06-19 Intel Corporation Method and apparatus for providing remote processing of a task over a network
US20020004850A1 (en) * 2000-03-29 2002-01-10 Krishna Sudarshan System and method of providing a messaging engine for an enterprise javabeans enabled server to achieve container managed asynchronous functionality
US6393491B1 (en) 1999-04-26 2002-05-21 Sun Microsystems, Inc. Method and apparatus for dispatch table construction
US20020113899A1 (en) 2001-02-22 2002-08-22 Swan Philip L. Method and system for improved display filtering
US20020122061A1 (en) 1998-04-30 2002-09-05 Bruce K. Martin Configurable man-machine interface
US6457060B1 (en) 1998-04-30 2002-09-24 Openwave Systems Inc. Method and apparatus for flexibly linking to remotely located content on a network server through use of aliases
US6523065B1 (en) 1999-08-03 2003-02-18 Worldcom, Inc. Method and system for maintenance of global network information in a distributed network-based resource allocation system
US6557068B2 (en) 1998-09-03 2003-04-29 Hewlett-Packard Development Company, L.P. High speed peripheral interconnect apparatus, method and system
US6594671B1 (en) 1999-06-14 2003-07-15 International Business Machines Corporation Separating privileged functions from non-privileged functions in a server instance
US6687717B1 (en) 2001-05-07 2004-02-03 Microsoft Corporation Component aliasing operating within a component-based computing system
US6751797B1 (en) * 1999-10-26 2004-06-15 Bull S.A. System and method for managing the persistence of EJB components in a directory accessed via LDAP

Patent Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5941943A (en) 1996-06-17 1999-08-24 International Business Machines Corporation Apparatus and a method for creating isolated sub-environments using host names and aliases
US6249836B1 (en) 1996-12-30 2001-06-19 Intel Corporation Method and apparatus for providing remote processing of a task over a network
US5996013A (en) 1997-04-30 1999-11-30 International Business Machines Corporation Method and apparatus for resource allocation with guarantees
US6151700A (en) * 1997-10-20 2000-11-21 International Business Machines Corporation Object oriented distributed programming system for computer controlled networks with selective capture of program property data identifying a particular program version
US6134603A (en) * 1998-03-20 2000-10-17 Sun Microsystems, Inc. Method and system for deterministic hashes to identify remote methods
US20020122061A1 (en) 1998-04-30 2002-09-05 Bruce K. Martin Configurable man-machine interface
US6457060B1 (en) 1998-04-30 2002-09-24 Openwave Systems Inc. Method and apparatus for flexibly linking to remotely located content on a network server through use of aliases
US6509913B2 (en) 1998-04-30 2003-01-21 Openwave Systems Inc. Configurable man-machine interface
US6557068B2 (en) 1998-09-03 2003-04-29 Hewlett-Packard Development Company, L.P. High speed peripheral interconnect apparatus, method and system
US6393491B1 (en) 1999-04-26 2002-05-21 Sun Microsystems, Inc. Method and apparatus for dispatch table construction
US6594671B1 (en) 1999-06-14 2003-07-15 International Business Machines Corporation Separating privileged functions from non-privileged functions in a server instance
US6523065B1 (en) 1999-08-03 2003-02-18 Worldcom, Inc. Method and system for maintenance of global network information in a distributed network-based resource allocation system
US6751797B1 (en) * 1999-10-26 2004-06-15 Bull S.A. System and method for managing the persistence of EJB components in a directory accessed via LDAP
US20020004850A1 (en) * 2000-03-29 2002-01-10 Krishna Sudarshan System and method of providing a messaging engine for an enterprise javabeans enabled server to achieve container managed asynchronous functionality
US20020113899A1 (en) 2001-02-22 2002-08-22 Swan Philip L. Method and system for improved display filtering
US6687717B1 (en) 2001-05-07 2004-02-03 Microsoft Corporation Component aliasing operating within a component-based computing system

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
Anne Thomas, Enterprise JavaBeans Technology: Server Component Model for the Java Platform, Dec. 1998, Patricia Seybold Group. *
Clarke et al., Ownership Types for Flexible Alias Protection, ACM, pp. 48-64 (Oct. 1998).
U.S. Appl. No. 09/850,289, "Method and System for Application Partitions," filed May 7, 2001.
U.S. Appl. No. 09/850,458, "Method and System for Application Partitions," filed May 7, 2001.
U.S. Appl. No. 09/850,489, "Method and System for Application Partitions," filed May 7, 2001.

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030055965A1 (en) * 2001-09-20 2003-03-20 International Business Machines Corporation User-defined units of context in a distributed computer environment
US20090249249A1 (en) * 2008-03-26 2009-10-01 Microsoft Corporation User interface framework and techniques
US8234586B2 (en) 2008-03-26 2012-07-31 Microsoft Corporation User interface framework and techniques
US20140380318A1 (en) * 2013-06-24 2014-12-25 Microsoft Corporation Virtualized components in computing systems
US9875120B2 (en) * 2013-06-24 2018-01-23 Microsoft Technology Licensing, Llc Virtualized components in computing systems
CN112131263A (en) * 2020-09-14 2020-12-25 微医云(杭州)控股有限公司 Software package obtaining method, system, device, electronic equipment and storage medium
CN112131263B (en) * 2020-09-14 2024-02-27 微医云(杭州)控股有限公司 Software package acquisition method, system, device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
US7305658B1 (en) Method and system for application partitions
CN108650262B (en) Cloud platform expansion method and system based on micro-service architecture
US5737523A (en) Methods and apparatus for providing dynamic network file system client authentication
US5544322A (en) System and method for policy-based inter-realm authentication within a distributed processing system
US8239954B2 (en) Access control based on program properties
US6226746B1 (en) Stack-based system and method to combine security requirements of methods
US6282652B1 (en) System for separately designating security requirements for methods invoked on a computer
US7624143B2 (en) Methods, apparatus, and program products for utilizing contextual property metadata in networked computing environments
US7024662B2 (en) Executing dynamically assigned functions while providing services
US7620737B2 (en) Methods, apparatus, and program products for abstract applications/components in a ubiquitous computing environment
US9742808B2 (en) Data access policies
US20040225524A1 (en) Systems and methods for monitoring the presence of assets within a system and enforcing policies governing assets
US20090106841A1 (en) Traffic manager for distributed computing environments
WO2021013033A1 (en) File operation method, apparatus, device, and system, and computer readable storage medium
US7624439B2 (en) Authenticating resource requests in a computer system
CN110535928B (en) Event pushing method for JAVA intelligent contract of block chain
US6810363B2 (en) Methods, apparatus, and program products for analyzing context in a networked computing environment
CN111368330B (en) Ethernet intelligent contract auditing system and method based on block chain
WO2020259390A1 (en) Method and apparatus for detecting deserialization vulnerability
US7650627B1 (en) Abstract configuration files for efficient implementation of security services
US7260831B1 (en) Method and system for authorization and access to protected resources
CN1601954B (en) Moving principals across security boundaries without service interruption
US7620731B1 (en) Isolated persistent storage
US6996830B1 (en) System determining whether to activate public and private components operating within multiple applications of a component-based computing system
US20040139231A1 (en) Methods, apparatus, and program products for configuring components in networked computing environments

Legal Events

Date Code Title Description
AS Assignment

Owner name: MICROSOFT CORPORATION, WASHINGTON

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:HAMILTON, KEITH;JAMIESON, STEVE;REEL/FRAME:011780/0343

Effective date: 20010502

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

FPAY Fee payment

Year of fee payment: 8

AS Assignment

Owner name: MICROSOFT TECHNOLOGY LICENSING, LLC, WASHINGTON

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MICROSOFT CORPORATION;REEL/FRAME:034541/0001

Effective date: 20141014

FPAY Fee payment

Year of fee payment: 12